Lynn Chang's Blog

Upgrade to Ruby 3.0.6 (OpenSSL issues)

Photo by Christin Hume on Unsplash

Upgrade to Ruby 3.0.6 (OpenSSL issues)

Lynn Chang's photo
Lynn Chang
·

4 min read

Environment

  • MacOS Sonoma 14.3

  • Original Ruby version: 2.7.8

  • Ruby Version Manager: RVM 1.29.12

Goal

Upgrade Ruby from 2.7.8 to 3.0.6.

Issues Description

After successfully installing Ruby 3.0.6, I encountered difficulties running bundle install in my Rails project due to two OpenSSL-related issues.

  1. Could not load OpenSSL.

  2. Bundler::Fetcher::CertificateFailureError

Issue 1: Could not load OpenSSL.

bundle install
# Bundler (2.2.33) is older than the version that created the lockfile (2.3.7). We suggest you to upgrade to the version that created the lockfile by running gem install bundler:2.3.7.

Could not load OpenSSL.
You must recompile Ruby with OpenSSL support or change the sources in your Gemfile from 'https' to 'http'. Instructions for compiling with OpenSSL using RVM are available at rvm.io/packages/openssl.

Solution

If you're using macOS and RVM, here's how you can recompile Ruby with OpenSSL support:

1. Install the required dependencies: This is a more general command for installing openssl library on your system, potentially for use by various applications beyond Ruby.

brew install openssl

2. Install OpenSSL using RVM: This is specific to managing OpenSSL for Ruby installations through rvm.

rvm pkg install openssl

3. Install Ruby with OpenSSL support: This is use for reinstalling the required Ruby version and specify the installation location of OpenSSL.

# Replace <your_version> with your Ruby version.
rvm reinstall ruby-<your_version> --with-openssl-dir=$(brew --prefix openssl)

4. After the installation is complete, set the new Ruby version as the default:

rvm use <your_version> --default

5. Replace <your_version> with the version you installed.

Check if OpenSSL is linked correctly:

ruby -r openssl -e "puts OpenSSL::OPENSSL_LIBRARY_VERSION"
#=> OpenSSL 1.0.1i 6 Aug 2014

This should output the OpenSSL version like above, confirming that Ruby is now compiled with OpenSSL support.

These steps should help you resolve the OpenSSL-related issue on macOS with RVM.

Issue 2: Bundler::Fetcher::CertificateFailureError

After resolving the OpenSSL loading issue for the Ruby process, I attempted to run bundle install again. However, a new error surfaced.

Fetching gem metadata from https://rubygems.org/.......
Fetching https://github.com/kaikhq/omniauth-line.git
Fetching https://github.com/banister/binding_of_caller.git
Fetching https://github.com/excid3/convertkit-ruby.git
Fetching source index from https://gems.graphql.pro/

Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://gems.graphql.pro/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see https://railsapps.github.io/openssl-certificate-verify-failed.html. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.

Retrying fetcher due to error (3/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://gems.graphql.pro/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see https://railsapps.github.io/openssl-certificate-verify-failed.html. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.

Retrying fetcher due to error (4/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://gems.graphql.pro/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see https://railsapps.github.io/openssl-certificate-verify-failed.html. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.

Could not verify the SSL certificate for https://gems.graphql.pro/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see https://railsapps.github.io/openssl-certificate-verify-failed.html. To
connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.

Solution

This was caused by "root certificate expiration" issue(Many thanks to santoshcop for providing this command.). You can run the command below and run bundle install again. The issue will be possible to be solved.

bundle config ssl_verify_mode 0 && echo ":ssl_verify_mode: 0" > ~/.gemrc

This command is used to configure Bundler to set the SSL verification mode to 0, effectively turning off SSL certificate verification. Additionally, it writes a configuration file (~/.gemrc) that includes the SSL verification mode setting, making it persistent for future gem-related operations in the user's environment.

To lessen security risks, I turned on SSL certificate verification after resolving this issue.

bundle config ssl_verify_mode 1 && echo ":ssl_verify_mode: 1" > ~/.gemrc

Make sure the settings are configured.

bundle config ssl_verify_mode

Settings for `ssl_verify_mode` in order of priority. The top value will be used
Set for your local app (/Users/lynnbright/code/blog/.bundle/config): 1
Ruby